Privacy Policy

This Privacy Policy explains how route2048 collects, uses, discloses, and stores personal information when you visit our public pages, create or use an account, interact with chat or artifact features, purchase a plan, or contact support.

It applies to our web, desktop, and mobile experiences and related service operations. Third-party services such as Auth0 and Stripe also process data under their own terms and notices.

The categories of information we collect depend on how you use the Service.

• Account and identity data, such as name, email address, Auth0 or external provider identifiers, organization or workspace details, and account verification state.
• Content and workflow data, such as prompts, chat messages, uploaded files, source materials, notes, tasks, route plans, generated artifacts, and feedback you provide.
• Billing and support data, such as subscription plan, Stripe customer, subscription, and invoice identifiers, payment status, support requests, and communications with us.
• Technical and usage data, such as IP address, browser or app version, device metadata, language preference, timestamps, logs, and interaction events needed to operate and secure the Service.

We do not receive or store full payment card numbers. Stripe handles payment instrument collection and storage for billing flows that it operates.

We collect information directly from you, from your device, browser, or app, from identity providers used for sign-in, from Stripe for billing events, and from service activity generated when you use route2048.

• Provide, authenticate, personalize, and maintain the Service.
• Generate and verify learning artifacts, routes, and AI-assisted outputs.
• Sync subscriptions, invoices, and entitlements.
• Respond to support requests and send service notices.
• Monitor performance, debug incidents, prevent abuse, and enforce our Terms.
• Comply with legal obligations and protect our rights, users, and systems.

route2048 uses cookies, similar technologies, and local storage for limited operational purposes.

• Language preference storage on public pages so we can remember your selected locale.
• Authentication, session, and logout state handling.
• Guest or temporary session tokens needed to keep some chat or onboarding flows working securely.
• Security-related signals such as CSRF or abuse-prevention controls when applicable.

We do not use third-party advertising cookies on these public pages. You can manage cookies through your browser settings, but disabling required cookies may make parts of the Service unavailable.

We do not sell personal information. We disclose information only to the extent needed to run the Service or when law permits or requires it.

• Identity and authentication providers, including Auth0 and any external identity provider you choose to use.
• Payment processors and billing vendors, including Stripe.
• Hosting, storage, observability, email, support, and security providers that help us run route2048.
• Model providers, compute providers, and verification environments used to generate or validate learning artifacts and AI-assisted features.
• Courts, regulators, law enforcement, counterparties, or professional advisors when we must respond to legal process, enforce rights, or protect safety and security.

Some of the service providers above process information outside your country. When that happens, we rely on contractual, organizational, and technical safeguards that are appropriate to the transfer.

We keep personal information for as long as needed to provide the Service, maintain account history, resolve disputes, enforce agreements, and meet legal, tax, security, and accounting obligations.

• Active account data is typically kept while your account remains open.
• Generated artifacts, source materials, and logs may remain for backup, recovery, and audit purposes for a limited period after deletion or closure.
• Billing and compliance records may be retained longer where required by law or legitimate business needs.

Depending on where you live, you may have rights to access, correct, delete, export, or object to certain processing of your personal information.

• You can update some profile and billing details through the Service or the Stripe-hosted billing flow.
• You can control locale storage and many browser permissions from your device or browser settings.
• For access, deletion, export, correction, or other privacy requests, contact support@route2048.com and provide enough information for us to verify your identity.

We may decline or limit a request where the law allows, such as when fulfilling it would adversely affect the rights of others or prevent us from meeting legal obligations.

We use administrative, technical, and physical safeguards designed to protect personal information, including encrypted transport, authentication controls, access restrictions, and service monitoring. No method of transmission, storage, or processing is completely secure.

The Service is not intended for children under 13 or the minimum digital-consent age in the relevant jurisdiction. If you believe a child provided personal information to route2048 without appropriate authorization, contact us so we can investigate and take action.

We may update this Privacy Policy from time to time. If we make material changes, we will update the date on this page and provide additional notice where required.

Questions about this Privacy Policy or privacy requests can be sent to support@route2048.com.